oss-sec mailing list archives

CVE-Request: apache2-mod_php5 AddHandler content confusion

From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 28 Aug 2012 16:08:53 +0200

Hi,

So far I have not seen any CVE for the recent
"apache2-mod_php5 remote code execution due to multiple extension feature of 'AddHandler's"
where you can treat a blah.php.gif as a PHP script due to sloppy
configs. [1]

Can someone assign a CVE? At the quick look, I cant see who actually
discovered this.

Sebastian

[1] https://bugzilla.novell.com/show_bug.cgi?id=775852


-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team

---
SUSE LINUX Products GmbH,
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany

Current thread:

CVE-Request: apache2-mod_php5 AddHandler content confusion Sebastian Krahmer (Aug 28)
- Re: CVE-Request: apache2-mod_php5 AddHandler content confusion Kurt Seifried (Aug 28)